risk management presented by: prof. dr. samir afifi
TRANSCRIPT
Risk ManagementRisk ManagementRisk ManagementRisk Management
Presented By:Prof. Dr. Samir Afifi
What Is “Risk”?“Risk is a condition in which there is a
possibility of an adverse difference from a desired outcome that is expected … .”
“… the threat that any event or action will adversely affect an organization’s ability to achieve its business objectives and execute its strategies.”
3
Why manage risks?
It is a fact of life that chance
events will occur and affect the
outcome of your system or project
If anything can go wrong, it will!
Of things that could go wrong, the
one that causes the most damage
will occur!
4
Risk during the projectRisk and the associated cost to address the risk,
varies over the project life cycleFor initial phase there is high chance of risk events, but low cost impactFor final phase there is low chance of risk events, but cost impact is high
Identifying and managing risks will greatly affect project success
Mouse ‘Click’ to move on to the next slide NextNextNextNext
Risk Management: Is the name given to a logical
and systematic method of identifying, analyzing, treating and monitoring the risks involved in any activity or process.
What is Risk Management?What is Risk Management?What is Risk Management?What is Risk Management?
Mouse ‘Click’ to move on to the next slide NextNextNextNext
Risk Management:Is a methodology that helps managers make best use of their available resources
What is Risk Management?What is Risk Management?What is Risk Management?What is Risk Management?
A decision making tool, that can be used by everyone, to increase personal awareness by anticipating hazards & reducing the potential of injury or death, thereby increasing the probability of a long life.
What is Risk Management?What is Risk Management?What is Risk Management?What is Risk Management?
Mouse ‘Click’ to move on to the next slide NextNextNextNext
Good management practice
Process steps that enable improvement in decision making
A logical and systematic approach
Identifying opportunities
Avoiding or minimizing losses
What is Risk Management?What is Risk Management?What is Risk Management?What is Risk Management?
Risk Management Definition of Terms
Nine Terms1. HAZARD:
Any real or potential condition that can cause injury, illness, or death of personnel or damage to or loss of equipment, property, or mission degradation/ interferes with liberty.
Risk Management Definition of Terms Continued
2. RISK: Chance of hazard or bad consequences; exposure to chance of injury or loss. Risk level is expressed in terms of hazard probability and severity.
3. EXPOSURE: The frequency and length of time subjected to hazard.
4. PROBABILITY: The likelihood that and event will occur.
Risk Management Definition of Terms Continued
5. SEVERITY: The expected consequence of an event in terms of degree of injury, property damage, or other impairing factors (will it leave a mark, will I get in trouble, adverse publicity, etc.)
that could occur.
Risk Management Definition of Terms Continued
6. CONTROLS: Actions taken to eliminate hazards or reduce the risk.
7. RISK ASSESSMENT: The identification and assessment of hazards.
Risk Management Definition of Terms Continued
8. RESIDUAL RISK: The level of risk remaining after controls have been identified and selected for hazards that may result in loss of life, injury or property damage. (Reduce the hazard / risk to an acceptable level or until it cannot be practically reduced further.)
Risk Management Definition of Terms Continued
9. RISK DECISION: The decision to accept or not accept the risk(s) associated with an action; made by the commander, leader, or individual responsible for performing that action.
Risk Management Definition of Terms Continued
NextNextNextNext
Risk Management
• practices are widely used in public and the private sectors,
• covering a wide range of activities or operations.
These include:
Who uses Risk Management?Who uses Risk Management?Who uses Risk Management?Who uses Risk Management?
• Finance and Investment
• Insurance
• Environment
• Health Care
• Public Institutions
• Governments
• Finance and Investment
• Insurance
• Environment
• Health Care
• Public Institutions
• Governments
NextNextNextNext
Effective Risk ManagementEffective Risk Management
1. Is a recognized and valued skill.
2. Educational institutions have formal study courses and award degrees in Risk Management.
The Risk Management process is well established. (International RM process standards.)
Who uses Risk Management?Who uses Risk Management?Who uses Risk Management?Who uses Risk Management?
NextNextNextNext
Risk Management isnow an integral part of business planning.
Who uses Risk Management?Who uses Risk Management?Who uses Risk Management?Who uses Risk Management?
The Risk Management process steps are a broad guide for any organization, regardless of the type of business, activity or function.
How is Risk Management used?How is Risk Management used?How is Risk Management used?How is Risk Management used?
NextNextNextNext
There are
77 steps in the RM
process
NextNextNextNext
The basic process steps are:
Establish the contextEstablish the context
Identify the risksIdentify the risks
Analyze the risksAnalyze the risks
Evaluate the risksEvaluate the risks
Treat the risksTreat the risks
NextNextNextNext
‘Risk’ is dynamic and subject to constant change, so the process includes continuing:
Communication & consultationCommunication & consultation
Monitoring and reviewMonitoring and review
and
NextNextNextNext
The Risk Management process:
The strategic and organizational context in which risk management will take place.
For example, the nature of your business, the risks natural in your business and your priorities.
Communicate & consultCommunicate & consult
Establish the contextEstablish the context
NextNextNextNext
The Risk Management process:
Communicate & consultCommunicate & consultMonitor and reviewMonitor and review
Defining types of risk, for instance, ‘Strategic’ risks to the goals and objectives of the organization.
• Identifying the stakeholders, (i.e.,who is involved or affected).
• Past events, future developments.
Identify the risksIdentify the risks
NextNextNextNext
The Risk Management process:
Communicate & consultCommunicate & consultMonitor and reviewMonitor and review
Analyse the risksAnalyse the risks
How likely is the risk event to happen? (Probability and frequency?)
What would be the impact, cost or consequences of that event occurring? (Economic, political, social?)
NextNextNextNext
The Risk Management process:
Communicate & consultCommunicate & consultMonitor and reviewMonitor and review
Evaluate the risksEvaluate the risks
Rank the risks according to management priorities, by risk category and rated by probability and possible cost or consequence.
Determine inherent levels of risk.
NextNextNextNext
The Risk Management process:
Treat the risksTreat the risks
Develop and implement a plan with specific counter-measures to address the identified risks.
Consider:
• Priorities (Strategic and operational)
• Resources (human, financial and technical)
• Risk acceptance, (i.e., low risks)
NextNextNextNext
The Risk Management process:
Document your risk management plan and describe the reasons behind selecting the risk and for the treatment chosen.
Record allocated responsibilities, monitoring or evaluation processes, and assumptions on residual risk.
Communicate & consultCommunicate & consultMonitor and reviewMonitor and review
Treat the risksTreat the risks
NextNextNextNext
The Risk Management process:
Communicate & consultCommunicate & consult
Risk Management policies and decisions must be regularly reviewed.
Risk Management policies and decisions must be regularly reviewed.
Monitor and reviewMonitor and review
In identifying, prioritising and treating risks, organisations make assumptions and decisions based on situations that are subject to change, (e.g., the business environment, trading patterns, or government policies).
NextNextNextNext
The Risk Management process:
Risk Managers must monitor activities and processes to determine the accuracy of planning assumptions and the effectiveness of the measures taken to treat the risk.
Methods can include data evaluation, audit, compliance measurement.
Communicate & consultCommunicate & consult
Monitor and reviewMonitor and review
NextNextNextNext
The Risk Management process:
Establish the contextEstablish the context
Identify the risksIdentify the risks
Analyse the risksAnalyse the risks
Evaluate the risksEvaluate the risks
Treat the risksTreat the risks
Monit
ori
ng a
nd r
evie
wM
onit
ori
ng a
nd r
evie
w
Com
munic
ati
on &
consu
ltati
on
Com
munic
ati
on &
consu
ltati
on
NextNextNextNext
StrategicStrategic
Risk management can beRisk management can be strategic, operational or tacticalstrategic, operational or tacticalRisk management can beRisk management can be strategic, operational or tacticalstrategic, operational or tactical
Strategic:Strategic: Risks to Customs goals and objectives, e.g., prohibitions and restrictions, (social or economic), health,revenue, environment.
Strategic:Strategic: Risks to Customs goals and objectives, e.g., prohibitions and restrictions, (social or economic), health,revenue, environment.
- usually longer term strategies
- usually longer term strategies
NextNextNextNext
OperationalOperational
Operational:Operational: Decisionsand action planson measures taken to deal with the assessed risks.Deployment of resources; monitoring and review.
Operational:Operational: Decisionsand action planson measures taken to deal with the assessed risks.Deployment of resources; monitoring and review.
- medium term strategies
- medium term strategies
NextNextNextNext
TacticalTactical
Tactical:Tactical: Used byofficers at their workplace, to deal with immediate situations, working withinset parameters andto approved procedures.
Tactical:Tactical: Used byofficers at their workplace, to deal with immediate situations, working withinset parameters andto approved procedures.
- short term strategies
- short term strategies
NextNextNextNext
• Economic benefits, by facilitating the Economic benefits, by facilitating the movement of goods, ships, aircraft and movement of goods, ships, aircraft and people – when rated low risk.people – when rated low risk.
• Makes more effective use of existing Makes more effective use of existing skills and experience – giving better skills and experience – giving better results.results.
• Improves the quality of Customs controls Improves the quality of Customs controls – information and accountability.– information and accountability.
Why you should use Risk Management:Why you should use Risk Management:
NextNextNextNext
The process helps The process helps Administrations focus on Administrations focus on priorities and in priorities and in decisions on deploying decisions on deploying limited resources to deal limited resources to deal with the highest risks.with the highest risks.
Why you should use Risk Management:Why you should use Risk Management:
NextNextNextNext
The first step is to look at your Customs The first step is to look at your Customs context. context.
• What is the role of Customs?What is the role of Customs?
• What are your national priorities and the What are your national priorities and the expectations of the government and the expectations of the government and the public?public?
• What is the nature of your operational What is the nature of your operational environment?environment?
Where do you start?Where do you start?Where do you start?Where do you start?
NextNextNextNext
How do you use it in Customs?How do you use it in Customs?How do you use it in Customs?How do you use it in Customs?
The next steps in the Risk Management The next steps in the Risk Management process are to:- process are to:-
• Identify the risks Identify the risks
• Analyse the risks; andAnalyse the risks; and
• Evaluate the risks,Evaluate the risks,
… … but, if you are just starting on Risk but, if you are just starting on Risk Management planning:Management planning:
Where does the information come Where does the information come from?from?
Where does the information come Where does the information come from?from?
Who does this?Who does this?
NextNextNextNext
Responsibilities must be allocated:Responsibilities must be allocated:
•Appoint a Risk Management champion Appoint a Risk Management champion with appropriate qualifications, including with appropriate qualifications, including experience and analytical skills.experience and analytical skills.
•Form a Risk Management Committee, Form a Risk Management Committee, representative of operational areas.representative of operational areas.
•Conduct Risk Management Workshops.Conduct Risk Management Workshops.
•Determine operating procedures. Determine operating procedures.
Who does the Risk Assessment?Who does the Risk Assessment?Who does the Risk Assessment?Who does the Risk Assessment?
NextNextNextNext
After identifying and analysing After identifying and analysing the risks, you can evaluate.the risks, you can evaluate.
• What is the likelihood of the risk What is the likelihood of the risk event occurring? event occurring?
Evaluate the risksEvaluate the risksEvaluate the risksEvaluate the risks
•Almost Almost certaincertain
•LikelyLikely•ModerateModerate•UnlikelyUnlikely•Rare?Rare?
•Almost Almost certaincertain
•LikelyLikely•ModerateModerate•UnlikelyUnlikely•Rare?Rare?
What is the What is the consequencconsequence if the risk e if the risk
event event occurs?occurs?
What is the What is the consequencconsequence if the risk e if the risk
event event occurs?occurs?
•ExtremeExtreme•Very highVery high•ModerateModerate•LowLow•NegligibleNegligible??
•ExtremeExtreme•Very highVery high•ModerateModerate•LowLow•NegligibleNegligible??
NextNextNextNext
You need to describe or to quantify You need to describe or to quantify exactly what the ‘Likelihood’ and exactly what the ‘Likelihood’ and ‘Consequence’ terms means to you.‘Consequence’ terms means to you.
This helps in ensuring a consistent This helps in ensuring a consistent (unfailing) approach in future risk (unfailing) approach in future risk assessment and review and assessment and review and monitoring.monitoring.
It promotes a common understanding It promotes a common understanding within the Administration.within the Administration.
Evaluate the risksEvaluate the risksEvaluate the risksEvaluate the risks
NextNextNextNext
After establishing ‘After establishing ‘LikelihoodLikelihood’ and ’ and ‘‘ConsequenceConsequence’ you can use a table like ’ you can use a table like this to set a level of risk.this to set a level of risk.
Evaluate the risksEvaluate the risksEvaluate the risksEvaluate the risks
Extreme Very high Moderate Low Negligible
Almost certain
Severe Severe High Major Moderate
Likely Severe High Major Significant Moderate
Moderate High Major Significant Moderate Low
Unlikely Major Significant Moderate Low Very low
Rare Significant Moderate Low Very low Very Low
You must define what these risk levels mean to You must define what these risk levels mean to you.you.
You must define what these risk levels mean to You must define what these risk levels mean to you.you.
NextNextNextNext
Low and very low level risks can normally Low and very low level risks can normally be accepted, subject to on-going be accepted, subject to on-going monitoring.monitoring.
All other risks are included in the All other risks are included in the management plan.management plan.
The plan catalogues the risks, the level The plan catalogues the risks, the level of risk, and describes a treatment. of risk, and describes a treatment.
The treatment is the action proposed, The treatment is the action proposed, (and perhaps the resources allocated).(and perhaps the resources allocated).
Treating the risksTreating the risksTreating the risksTreating the risks
NextNextNextNext
Treating the risksTreating the risksTreating the risksTreating the risks
TargetedselectionsTargetedselections
Development ofDevelopment of Risk Profiles
Development ofDevelopment of Risk Profiles
PhysicalPhysicalexaminationexamination
PhysicalPhysicalexaminationexaminationIndustry auditsIndustry audits
RandomRandomexaminationsexaminations
RandomRandomexaminationsexaminations
ComplianceimprovementCompliance
improvement
NextNextNextNext
Treating the risksTreating the risksTreating the risksTreating the risks
Risk Profiles are developed as a means of putting risk management into practice at the Operational level.
A Risk Profile is normally specific to a Customs office. It describes:
• The risk areas• Assessment of the level of risk• The countermeasures adopted• Activation date and review dates• Means of measuring effectiveness.
A Risk Profile is normally specific to a Customs office. It describes:
• The risk areas• Assessment of the level of risk• The countermeasures adopted• Activation date and review dates• Means of measuring effectiveness.
NextNextNextNext
Treating the risksTreating the risksTreating the risksTreating the risks
Using the profile information, consignments of goods, means of transport and people are targeted.
The profile information is used as the basis for Selection Criteria.
Documents received and processed by Customs, i.e., cargo and passenger manifests, goods declarations, are compared against the Selection Criteria
Documents received and processed by Customs, i.e., cargo and passenger manifests, goods declarations, are compared against the Selection Criteria
Selection Criteria
Selection Criteria
NextNextNextNext
Treating the risksTreating the risksTreating the risksTreating the risks
Selections are made by manual checks of documents, or by using automated systems.
Selected transactions or movements are subject to the actions detailed in the profile or plan, e.g., physical examination, audit, etc.
Selection Criteria
Selection Criteria
Documentsand Data
Documentsand Data
Selected movements
Selected movements
NextNextNextNext
Monitor & ReviewMonitor & ReviewMonitor & ReviewMonitor & Review
The initial assessment made of the existence and level of risks must be evaluated on a regular basis.
You need to measure the effectiveness of risk profiles and update as necessary.
• Reliable reporting of examination Reliable reporting of examination resultsresults
• Reliable reporting of examination Reliable reporting of examination resultsresults
• Compliance measurement activitiesCompliance measurement activities• Compliance measurement activitiesCompliance measurement activities
• Feedback from the business Feedback from the business communitycommunity
• Feedback from the business Feedback from the business communitycommunity• Results analysis and data comparisonsResults analysis and data comparisons• Results analysis and data comparisonsResults analysis and data comparisons
NextNextNextNext
The starting point is the The starting point is the Action PlanAction Plan::
1.1. Allocate responsibilities, e.g., a Risk Allocate responsibilities, e.g., a Risk Management Champion and a working Management Champion and a working party.party.
2.2. Evaluate how Risk Management processes Evaluate how Risk Management processes can be best applied in can be best applied in youryour national national environment.environment.
3.3. Survey existing skills and do a training Survey existing skills and do a training needs assessment.needs assessment.
4.4. Catalogue existing sources of data or Catalogue existing sources of data or information that can help in identifying information that can help in identifying risks. risks.
Using Risk ManagementUsing Risk ManagementUsing Risk ManagementUsing Risk Management
NextNextNextNext
5.5. Flow chart existing processes. Flow chart existing processes.
6.6. Communicate and consult – within Communicate and consult – within Customs, with other Agencies, the Customs, with other Agencies, the trading community and transport trading community and transport industry.industry.
7.7. Obtain IT tools or set up processes for Obtain IT tools or set up processes for effectively operating a selectivity system.effectively operating a selectivity system.
8.8. Provide training in profiling/selectivity Provide training in profiling/selectivity skills.skills.
9.9. Test and gain confidence in the Risk Test and gain confidence in the Risk Management process. Management process.
Using Risk ManagementUsing Risk ManagementUsing Risk ManagementUsing Risk Management
Thank You شكراشكراThanThanks ks